-
Notifications
You must be signed in to change notification settings - Fork 75
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The road to a authenticator-based two-factor authentication #62
Comments
Just to let you know, we're working hard on removing all legacy code in 6.0 and are adding lots of minor to big deprecations in 5.4 for everything we've missed in 5.3. You can follow this process in symfony/symfony#41613 (including all PRs that referenced it). Two important PRs I think for this package: In symfony/symfony#42050 , we deprecated unauthenticated tokens. I believe you use this currently to make sure 2FA is not detected as authenticated. In symfony/symfony#42510 , I introduce |
Btw, "I plan to have the next major bundle version (also 6) to be released in sync with that.", if you also mean in sync on the release date, I would highly recommend to not do that, but at least wait one month. That'll give some more time to update things if we change something between the RC phase and the stable release, and it'll give the community some time to fix critical bugs in Symfony that weren't discovered before the stable release (and these bug fixes in turn might also affect this bundle). |
Hi Wouter, Sounds like it's time to add a build against Symfony 5.4 and 6.0 branches, I'm curious how these will go. The And regarding the bundle release, I've rephrased that. I did not mean to litterally release "in sync". I just wanted to express that the bundle's major release will be around Symfony's. Though I'll let Symfony release some beta/RC first, before I'd consider to start publishing respective beta/RC versions of the bundle. I'll see how things are going. If I'd discover anything add I'll reach out! |
Update for everyone else: 2fa-bundle on Symfony 5.4 is almost fine. There is one breaking change that was introduced as the result of a refactoring, we need to see how to solve that. |
^ This is has been solved in the meantime. 2fa-bundle 5.x on Symfony 5.4 is working fine. |
The bundle is supporting authenticator-based security since v5
(Shamelessly stealing the title from Wouter's symfony/symfony#39308)
I create this issue to let everyone know what the plan is with bundle's next major version and authenticator-based security.
The bundle is supporting authenticator-based security since 5.0.0. It's an experimental feature in Symfony, also the bundle's implementation has been experimental. I've continously adopted new features arriving with Symfony 5.x minor releases to make the authenticator intgeration better and cleaner. Because of that, if you want to use authenticator-base security with the current bundle version (at time of writing 5.7.0), it requires at least Symfony 5.2, with #61 that will be Symfony 5.3.
Symfony maintainers plan to remove the old security system and make authenticator-based security officially the new security system in Symfony 6, planned for November 2021. I plan to have the next major bundle version (also 6) to be released close to that. That version will be the one supporting Symfony 6, bundle version 5 will not support Symfony 6.
The goal for this upcoming major version is to have finally a clean implementation for two-factor authentication. I want to remove any kind of "hacks" the bundle does to make two-factor authentication work. These are mostly DIC hacks to decorate (internal) services from Symfony's security to inject some extra 2fa-bundle logic. Furthermore, since bundle version 6 is targeting Symfony 6, I'll remove support for the old security system. That allows me to remove a big chunk of code that's no longer needed. Also various compatibility layers for older Symfony versions can be removed.
Summary:
To support early testing, I'm likely going to release a v6-beta version of the bundle, which is supporting Symfony's respective beta and RC versions* Symfony 6 will require PHP 8.0 (symfony/symfony#40389)
Todo:
app
readmeThe text was updated successfully, but these errors were encountered: